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1. A method comprising: 

receiving, from a delegator, a designation of a role and 
a delegate to assume the role; 

receiving, from a credential service provider, an 
5 indication that the designation is valid; and 

issuing a delegation credential in response to receiving 
the indication. 

2. The method of claim 1, wherein the delegation 
;.4P credential comprises encoded delegation information. 

g| 3. The method of claim 1, wherein the delegation 

credential allows the delegate to assume the role. 

4. The method of claim 1, further comprising: 

Jl issuing a confirmation to the delegator which indicates 

hi 

that the delegation credential was issued. 

5. The method of claim 1, wherein the delegator can 
20 delegate multiple functions, the role comprising one of the 

multiple functions. 



-31 - 



Attorney Docket: 10559/505001/P11806 

6. The method of claim 1, wherein the delegation 
credential is issued to and stored by at least one of the 
delegate and a credential service provider. 

5 7. The method of claim 6, wherein the credential service 

provider receives a digital credential from the delegate and 
an access requirement from a relying party and determines if 
the digital credential is valid for the access requirement. 

f|0 8. The method of claim 7, wherein the credential service 

provider determines if there is a delegation credential that 
Si corresponds to the access requirement and provides the 
45 delegation credential that corresponds to the access 
' requirement to the delegate. 

9. The method of claim 8, wherein multiple delegation 
credentials correspond to the access requirement and the 
credential service provider provides the multiple delegation 
credentials to the delegate. 

20 

10. The method of claim 9, wherein the delegate selects 
which of the multiple delegation credentials to use for the 
access requirement and the credential service provider 
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provides a selected delegation credential to the relying 
party. 

11. A method comprising: 

receiving a request from a delegate for access to a 
service; 

obtaining delegation credentials for the delegate; 

determining which of the delegation credentials 
correspond to access requirements for the service; and 

providing the delegation credentials that correspond to 
the access requirements. 

12. The method of claim 11, further comprising: 
receiving a digital credential from the delegate; and 
determining if the digital credential corresponds to 

access requirements for the service; 

wherein, if the digital credential does not correspond to 
the access requirements for the service, the method performs 
the obtaining, determining and providing. 

13. The method of claim 11, further comprising: 
receiving, from the delegate, a selected one of the 

delegation credentials that correspond to the access 
requirements; and 



Attorney Docket: 10559/505001/P11806 

using the selected one of the delegation credentials to 
access the service, 

14. The method of claim 13, further comprising: 
verifying validity of the selected one of the delegation 

credentials prior to using the selected one of the delegation 
credentials to access the service. 

15. The method of claim 13, further comprising: 
receiving a statement indicating that the selected one of 

the digital credentials is valid prior to using the selected 
one of the delegation credentials to access the service. 

16. A method comprising: 

receiving, from a delegate, a value corresponding to a 
confirmation code and an identifier, the confirmation code and 
the identifier corresponding to a delegator; 

identifying the delegator using at least one of the 
identifier and the confirmation code; and 

assigning, to the delegate, a delegation credential that 
corresponds to the delegator. 
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17. The method of claim 16, further comprising: 
sending a message to the delegator indicating that the 

delegation credential has been assigned. 

18. The method of claim 16, further comprising: 
storing the delegation credential in a database 

maintained by a delegation service provider. 

19. The method of claim 16, wherein identifying 
comprises checking a hash of the confirmation code to identify 
the delegator. 

20. A method comprising: 

receiving, from a delegate, a delegation request for a 
role of the delegator; 

receiving a value corresponding to a confirmation code 
from the delegate; 

receiving, from the delegator, a request for outstanding 
delegation requests; 

requesting approval from the delegator of an outstanding 
delegation request from the delegate; and 

receiving the confirmation code from the delegator in 
response to requesting approval. 
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21. The method of claim 20, further comprising: 
confirming the approval of the outstanding delegation 

request using the confirmation code. 

22. The method of claim 21, further comprising: 
receiving a digital credential from the delegator; and 
confirming that the received digital credential matches a 

digital credential of the delegator. 

23. An article comprising a machine-readable medium that 
stores executable instructions that cause a machine to: 

receive, from a delegator, a designation of a role and a 
delegate to assume the role; 

receive, from a credential service provider, an 
indication that the designation is valid; and 

issue a delegation credential in response to receiving 
the indication. 

24. The article of claim 23, wherein the delegation 
credential comprises encoded delegation information. 

25. The article of claim 23, wherein the delegation 
credential allows the delegate to assume the role. 
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26. The article of claim 23, further comprising 
instructions that cause the machine to: 

issue a confirmation to the delegator which indicates 
that the delegation credential was issued. 

27. The article of claim 23, wherein the delegator can 
delegate multiple functions, the role comprising one of the 
multiple functions. 

28. The article of claim 23, wherein the delegation 
credential is issued to and stored by at least one of the 
delegate and a credential service provider. 

29. An article comprising a machine-readable medium that 
stores executable instructions that cause a machine to: 

receive a request from a delegate for access to a 
service ; 

obtain delegation credentials for the delegate; 

determine which of the delegation credentials correspond 
to access requirements for the service; and 

provide the delegation credentials that correspond to the 
access requirements. 
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, 30. The article of claim 29, further comprising 

instructions that cause the machine to: 

receive a digital credential from the delegate; and 
determine if the digital credential corresponds to access 
5 requirements for the service; 

wherein, if the digital credential does not correspond to 
the access requirements for the service, obtaining, 
determining and providing are performed. 

= 1;0 31. The article of claim 29, further comprising 

j: instructions that cause the machine to: 
I'. receive, from the delegate, a selected one of the 

i'-, delegation credentials that correspond to the access 

= requirements; and 

Jfe use the selected one of the delegation credentials to 

% access the service. 

32. The article of claim 31, further comprising 
instructions that cause the machine to: 
20 verify validity of the selected one of the delegation 

credentials prior to using the selected one of the delegation 
credentials to access the service. 



-38 - 



Attorney Docket: 10559/505001/P11806 

33. The article of claim 31, further comprising 
instructions that cause the machine to: 

receive a statement indicating that the selected one of 
the digital credentials is valid prior to using the selected 
one of the delegation credentials to access the service. 

34. An article comprising a machine-readable medium that 
stores executable instructions that cause a machine to: 

receive, from a delegate, a value corresponding to a 
confirmation code and an identifier, the confirmation code and 
the identifier corresponding to a delegator; 

identify the delegator using at least one of the 
identifier and the confirmation code; and 

assign, to the delegate, a delegation credential that 
corresponds to the delegator. 

35. The article of claim 34, further comprising 
instructions that cause the machine to: 

send a message to the delegator indicating that the 
delegation credential has been assigned. 

36. The article of claim 34, further comprising 
instructions that cause the machine to: 
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store the delegation credential in a database maintained 
by a delegation service provider. 

37. The article of claim 34, wherein identifying 
comprises checking a hash of the confirmation code to identify 
the delegator. 

38. An article comprising a machine-readable medium that 
stores executable instructions that cause a machine to: 

receive, from a delegate, a delegation request for a role 
of the delegator; 

receive a value corresponding to a confirmation code from 
the delegate; 

receive, from the delegator, a request for outstanding 
delegation requests; 

request approval from the delegator of an outstanding 
delegation request from the delegate; and 

receive the confirmation code from the delegator in 
response to requesting approval. 

39. The article of claim 38, further comprising 
instructions that cause the machine to: 

confirm the approval of the outstanding delegation 
request using the confirmation code. 
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40. The article of claim 39, further comprising 

instructions that cause the machine to: 

receive a digital credential from the delegator; and 
confirm that the received digital credential matches a 

digital credential of the delegator. 
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